Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

uk_nm elitebar DerBiz and checkrun!

Infizi

Posted 21 May 2005 - 08:21 AM

Infizi

New Member

Member

2 posts

ok, ive run ad-aware 6 pro, spybot S&D, Microsoft Anti-Spyware, Win CleanUP and HJT. Also got ZoneLabs AntiVirus runing and checking! I have a reasonable knowledge and ive run all these and removed tonnes of stuff. Ive also un SP2 my laptop until its fixed.

Now, here are the problems.1) Everytime i turn my PC on it runs this DerBiz cr*p.2) Ad-Aware and MS ASW remove a number of cookies and applications, + reg keys3)DerBiz still runs4) Ad-Watch (ad-aware extra) keeps picking up (every 10 seconds) allday long (even after cleans and anti-spyware removal eyt etc) an attempt to change a value in the registry called chekcrun into the windows/run and tells it to point to system32/elitegra32.exe (dosent exist)5) I keep getting pop ups from casalemedia.com that started when the spyware got on my PC!6) The details below happen EVERYTIME i restart. What the...? Same results from cleaners and ASW things...

So, im down to my last tether. Ive only just got my PC fully working again afer a well needed format.

SearchMiracle.EliteBar Browser Plug-in more information...Details: SearchMiracle.EliteBar adds a search redirection toolbar to Internet Explorer called Elite Bar.Status: RemovedHigh threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Dialer.ASDPlugin Dialer more information...Details: Dialer.ASDPlugin is a premium-rate adult dialer.Status: RemovedHigh threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

After restarting in Safe Mode,Configure Windows to Show All Hidden Files and Folders,this must be done after restarting in Safe Mode!!Here is a link to help with thathttp://www.bleepingc...showtutorial=62

Once in Safe Mode

Doubleclick LQfix.bat that you saved on your desktop before.

A doswindow will open and close again, this is normal.

Now Locate and Delete these

C:\XP\System32\svcnet.exe<< File Only!

C:\XP\msview<< Folder!

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!!